TYPO3 CMS  TYPO3_6-2
PermissionAjaxController.php
1 <?php
30  // The local configuration array
31  protected $conf = array();
32 
33  // TYPO3 Back Path
34  protected $backPath = '../../../';
35 
36  /********************************************
37  *
38  * Init method for this class
39  *
40  ********************************************/
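/**
 * Loads the module's language labels and copies the POSTed AJAX parameters
 * into $this->conf.
 *
 * Everything read here is client-controlled. Values that are later written
 * into markup or used as record identifiers are cast to integer right away;
 * the remaining string values (who, mode, action, username, groupname) are
 * stored as received and must be validated or encoded at the point of use.
 */
public function __construct() {
	$GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_mod_web_perm.xlf');
	// Configuration, variable assignment
	// The page uid ends up in element ids and inline JavaScript handlers, so it
	// is forced to an integer instead of being kept as the raw POST string.
	$this->conf['page'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('page');
	$this->conf['who'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('who');
	$this->conf['mode'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('mode');
	$this->conf['bits'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('bits');
	$this->conf['permissions'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('permissions');
	$this->conf['action'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('action');
	$this->conf['ownerUid'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('ownerUid');
	$this->conf['username'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('username');
	$this->conf['groupUid'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupUid');
	$this->conf['groupname'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupname');
	$this->conf['editLockState'] = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('editLockState');

	// User: the display name is looked up from the (integer) uid rather than
	// taken from the request. The uid is cast before it is appended to the
	// WHERE fragment, so the concatenation cannot carry SQL.
	$newOwnerUid = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newOwnerUid');
	$this->conf['new_owner_uid'] = $newOwnerUid;
	$temp_owner_data = BackendUtility::getUserNames('username, uid', ' AND uid = ' . $newOwnerUid);
	// An unknown uid (including 0, "no owner") yields an empty name instead of
	// an undefined-index notice.
	$this->conf['new_owner_username'] = isset($temp_owner_data[$newOwnerUid]['username'])
		? htmlspecialchars($temp_owner_data[$newOwnerUid]['username'])
		: '';

	// Group: same approach as for the owner
	$newGroupUid = (int)\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newGroupUid');
	$this->conf['new_group_uid'] = $newGroupUid;
	$temp_group_data = BackendUtility::getGroupNames('title,uid', ' AND uid = ' . $newGroupUid);
	$this->conf['new_group_username'] = isset($temp_group_data[$newGroupUid]['title'])
		? htmlspecialchars($temp_group_data[$newGroupUid]['title'])
		: '';
}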
67 
68  /********************************************
69  *
70  * Main dispatcher method
71  *
72  ********************************************/
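/**
 * Executes the requested permission action for one page and hands the
 * resulting HTML fragment to the AJAX response object.
 *
 * All writes go through DataHandler (process_datamap()); this method only
 * prepares the data map from the request values collected in the constructor.
 *
 * @param array $params Not used by this method
 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj Response object that receives the content or an error
 * @return void
 */
public function dispatch($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = NULL) {
	$content = '';
	// The page uid is written into ids and inline handlers by the render
	// methods, so only its integer value is used from here on.
	$page = (int)$this->conf['page'];
	// Basic test for required value
	if ($page > 0) {
		// Init TCE for execution of update
		$tce = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
		$tce->stripslashes_values = 1;
		// Determine the scripts to execute
		switch ($this->conf['action']) {
			case 'show_change_owner_selector':
				$content = $this->renderUserSelector($page, $this->conf['ownerUid'], $this->conf['username']);
				break;
			case 'change_owner':
				// The constructor casts new_owner_uid to int, so this check holds
				// for every request; uid 0 (no owner) is accepted as well.
				if (is_int($this->conf['new_owner_uid'])) {
					// Prepare data to change
					$data = array();
					$data['pages'][$page]['perms_userid'] = $this->conf['new_owner_uid'];
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = self::renderOwnername($page, $this->conf['new_owner_uid'], $this->conf['new_owner_username']);
				} else {
					$ajaxObj->setError('An error occurred: No page owner uid specified.');
				}
				break;
			case 'show_change_group_selector':
				$content = $this->renderGroupSelector($page, $this->conf['groupUid'], $this->conf['groupname']);
				break;
			case 'change_group':
				// Same as for change_owner: always an int after the constructor's cast.
				if (is_int($this->conf['new_group_uid'])) {
					// Prepare data to change
					$data = array();
					$data['pages'][$page]['perms_groupid'] = $this->conf['new_group_uid'];
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = self::renderGroupname($page, $this->conf['new_group_uid'], $this->conf['new_group_username']);
				} else {
					$ajaxObj->setError('An error occurred: No page group uid specified.');
				}
				break;
			case 'toggle_edit_lock':
				// Prepare data to change
				$data = array();
				$data['pages'][$page]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
				// Execute TCE Update
				$tce->start($data, array());
				$tce->process_datamap();
				$content = $this->renderToggleEditLock($page, $data['pages'][$page]['editlock']);
				break;
			default:
				// "who" becomes part of a column name ('perms_' . who) and of the
				// returned markup, so only the three permission targets are accepted.
				$who = $this->conf['who'];
				if (!in_array($who, array('user', 'group', 'everybody'), TRUE)) {
					$ajaxObj->setError('An error occurred: Invalid permission target specified.');
					break;
				}
				// 31 = 1|2|4|8|16, the five bits renderPermissions() knows about.
				$bits = (int)$this->conf['bits'] & 31;
				$permissions = (int)$this->conf['permissions'] & 31;
				// Set/clear the bits instead of adding/subtracting them: the result
				// is the same for a well-formed request, but a repeated or forged
				// request can no longer carry into neighbouring permission bits.
				if ($this->conf['mode'] === 'delete') {
					$permissions = $permissions & ~$bits;
				} else {
					$permissions = $permissions | $bits;
				}
				$this->conf['permissions'] = $permissions;
				// Prepare data to change
				$data = array();
				$data['pages'][$page]['perms_' . $who] = $permissions;
				// Execute TCE Update
				$tce->start($data, array());
				$tce->process_datamap();
				$content = self::renderPermissions($permissions, $page, $who);
		}
	} else {
		$ajaxObj->setError('This script cannot be called directly.');
	}
	$ajaxObj->addContent($this->conf['page'] . '_' . $this->conf['who'], $content);
}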
150 
151  /********************************************
152  *
153  * Helpers for this script
154  *
155  ********************************************/
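/**
 * Builds the owner <select> with its save and cancel links.
 *
 * Non-admin users only get the user list as filtered by
 * BackendUtility::blindUserNames().
 *
 * @param int $page Uid of the page the selector belongs to
 * @param int $ownerUid Uid of the current owner (pre-selected option)
 * @param string $username Name of the current owner, handed back to the client by the cancel link
 * @return string HTML fragment
 */
protected function renderUserSelector($page, $ownerUid, $username = '') {
	// Both ids are written unquoted into inline JavaScript; force them to integers.
	$page = (int)$page;
	$ownerUid = (int)$ownerUid;
	// Get usernames
	$beUsers = BackendUtility::getUserNames();
	// Init groupArray
	$groups = array();
	if (!$GLOBALS['BE_USER']->isAdmin()) {
		$beUsers = BackendUtility::blindUserNames($beUsers, $groups, 1);
	}
	// Owner selector: the empty entry comes first, then one option per user
	$options = '<option value="0"></option>';
	foreach ($beUsers as $uid => $row) {
		$selected = (int)$uid === $ownerUid ? ' selected="selected"' : '';
		$options .= '<option value="' . (int)$uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
	}
	$elementId = 'o_' . $page;
	$selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
	$saveButton = '<a onclick="WebPermissions.changeOwner(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\');" title="Change owner">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
	if ($username == '') {
		$restoreLabel = '<span class=not_set>[not set]</span>';
	} else {
		// The name sits in a JavaScript string inside an HTML attribute. HTML
		// entities are decoded before the script is parsed, so htmlspecialchars()
		// alone would let a quote or backslash end the string. The JSON_HEX_*
		// flags emit quotes, ampersands and angle brackets as \uXXXX escapes,
		// which is safe in both contexts and gives the script the same text.
		$encoded = json_encode((string)$username, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
		// Strip the surrounding double quotes added by json_encode()
		$restoreLabel = is_string($encoded) ? (string)substr($encoded, 1, -1) : '';
	}
	$cancelButton = '<a onclick="WebPermissions.restoreOwner(' . $page . ', ' . $ownerUid . ', \'' . $restoreLabel . '\', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
	return $selector . $saveButton . $cancelButton;
}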
187 
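/**
 * Builds the group <select> with its save and cancel links.
 *
 * Non-admin users only get the group list as filtered by
 * BackendUtility::blindGroupNames(). If the page's current group is not part
 * of that list, it is still offered as the pre-selected first entry.
 *
 * @param int $page Uid of the page the selector belongs to
 * @param int $groupUid Uid of the current group (pre-selected option)
 * @param string $groupname Name of the current group, handed back to the client by the cancel link
 * @return string HTML fragment
 */
protected function renderGroupSelector($page, $groupUid, $groupname = '') {
	// Both ids are written unquoted into inline JavaScript; force them to integers.
	$page = (int)$page;
	$groupUid = (int)$groupUid;
	// Get group names
	$beGroups = BackendUtility::getListGroupNames('title,uid');
	$beGroupKeys = array_keys($beGroups);
	$beGroupsO = ($beGroups = BackendUtility::getGroupNames());
	if (!$GLOBALS['BE_USER']->isAdmin()) {
		$beGroups = BackendUtility::blindGroupNames($beGroupsO, $beGroupKeys, 1);
	}
	// Group selector:
	$options = '';
	// flag: is set if the page-groupid equals one from the group-list
	$userset = 0;
	// Loop through the groups
	foreach ($beGroups as $uid => $row) {
		if ((int)$uid === $groupUid) {
			$userset = 1;
			$selected = ' selected="selected"';
		} else {
			$selected = '';
		}
		$options .= '<option value="' . (int)$uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
	}
	// If the group was not set AND there is a group for the page
	if (!$userset && $groupUid) {
		// The group record may be gone; fall back to an empty title instead of
		// reading an undefined index.
		$currentTitle = isset($beGroupsO[$groupUid]['title']) ? $beGroupsO[$groupUid]['title'] : '';
		$options = '<option value="' . $groupUid . '" selected="selected">' . htmlspecialchars($currentTitle) . '</option>' . $options;
	}
	$elementId = 'g_' . $page;
	$options = '<option value="0"></option>' . $options;
	$selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
	$saveButton = '<a onclick="WebPermissions.changeGroup(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\');" title="Change group">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
	if ($groupname == '') {
		$restoreLabel = '<span class=not_set>[not set]</span>';
	} else {
		// The name sits in a JavaScript string inside an HTML attribute. HTML
		// entities are decoded before the script is parsed, so htmlspecialchars()
		// alone would let a quote or backslash end the string. The JSON_HEX_*
		// flags emit quotes, ampersands and angle brackets as \uXXXX escapes,
		// which is safe in both contexts and gives the script the same text.
		$encoded = json_encode((string)$groupname, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
		// Strip the surrounding double quotes added by json_encode()
		$restoreLabel = is_string($encoded) ? (string)substr($encoded, 1, -1) : '';
	}
	$cancelButton = '<a onclick="WebPermissions.restoreGroup(' . $page . ', ' . $groupUid . ', \'' . $restoreLabel . '\', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
	return $selector . $saveButton . $cancelButton;
}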
230 
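/**
 * Renders the clickable owner name of a page; a click opens the owner selector.
 *
 * @param int $page Uid of the page
 * @param int $ownerUid Uid of the current owner
 * @param string $username Name of the current owner
 * @param bool $validUser FALSE renders the "deleted" label with the name as its title
 * @return string HTML fragment
 */
static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
	// Both ids are written unquoted into inline JavaScript; force them to integers.
	$page = (int)$page;
	$ownerUid = (int)$ownerUid;
	$elementId = 'o_' . $page;

	// The name is passed to the handler as a JavaScript string inside an HTML
	// attribute. HTML entities are decoded before the script is parsed, so
	// htmlspecialchars() alone would let a quote or backslash end the string.
	// The JSON_HEX_* flags emit quotes, ampersands and angle brackets as \uXXXX
	// escapes, which is safe in both contexts and gives the script the same text.
	$encoded = json_encode((string)$username, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
	// Strip the surrounding double quotes added by json_encode()
	$jsUsername = is_string($encoded) ? (string)substr($encoded, 1, -1) : '';

	if (!$validUser) {
		$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
	} elseif ($username == '') {
		$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
	} else {
		$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20));
	}

	return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeOwnerSelector(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\', \'' . $jsUsername . '\');">' . $label . '</a></span>';
}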
245 
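/**
 * Renders the clickable group name of a page; a click opens the group selector.
 *
 * @param int $page Uid of the page
 * @param int $groupUid Uid of the current group
 * @param string $groupname Name of the current group
 * @param bool $validGroup FALSE renders the "deleted" label with the name as its title
 * @return string HTML fragment
 */
static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
	// Both ids are written unquoted into inline JavaScript; force them to integers.
	$page = (int)$page;
	$groupUid = (int)$groupUid;
	$elementId = 'g_' . $page;

	// The name is passed to the handler as a JavaScript string inside an HTML
	// attribute. HTML entities are decoded before the script is parsed, so
	// htmlspecialchars() alone would let a quote or backslash end the string.
	// The JSON_HEX_* flags emit quotes, ampersands and angle brackets as \uXXXX
	// escapes, which is safe in both contexts and gives the script the same text.
	$encoded = json_encode((string)$groupname, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
	// Strip the surrounding double quotes added by json_encode()
	$jsGroupname = is_string($encoded) ? (string)substr($encoded, 1, -1) : '';

	if (!$validGroup) {
		$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
	} elseif ($groupname == '') {
		$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
	} else {
		$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20));
	}

	return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeGroupSelector(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\', \'' . $jsGroupname . '\');">' . $label . '</a></span>';
}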
260 
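/**
 * Renders the edit-lock toggle link for a page.
 *
 * @param int $page Uid of the page
 * @param int $editLockState 1 renders the "locked" icon link; any other value renders the "[+]" enable link
 * @return string HTML fragment
 */
protected function renderToggleEditLock($page, $editLockState) {
	// The uid is written unquoted into an inline JavaScript handler; force it
	// to an integer so nothing but digits can reach the attribute.
	$page = (int)$page;
	if ($editLockState === 1) {
		return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 1);" title="The page and all content is locked for editing by all non-Admin users.">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('status-warning-lock') . '</a>';
	}
	return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 0);" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">[+]</a>';
}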
276 
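/**
 * Renders the five permission toggles (bits 1, 16, 2, 4, 8) for one page and
 * one permission target.
 *
 * A set bit gets the "granted" icon whose click requests 'delete'; an unset
 * bit gets the "denied" icon whose click requests 'add'.
 *
 * @param int $int Current permission bitmask
 * @param int $pageId Uid of the page
 * @param string $who Permission target; used in the element id and in the inline handler
 * @return string HTML fragment
 */
static public function renderPermissions($int, $pageId = 0, $who = 'user') {
	// The numbers are written unquoted into inline JavaScript and $who into a
	// quoted JavaScript string and an id attribute. Integers are enforced and
	// $who is reduced to identifier characters so none of them can carry markup
	// or script; the values used by this module pass through unchanged.
	$int = (int)$int;
	$pageId = (int)$pageId;
	$who = preg_replace('/[^A-Za-z0-9_]/', '', (string)$who);

	$str = '';
	foreach (array(1, 16, 2, 4, 8) as $permission) {
		$granted = (bool)($int & $permission);
		$icon = $granted ? 'status-status-permission-granted' : 'status-status-permission-denied';
		$mode = $granted ? 'delete' : 'add';
		$str .= \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($icon, array(
			'tag' => 'a',
			'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
			'onclick' => 'WebPermissions.setPermissions(' . $pageId . ', ' . $permission . ', \'' . $mode . '\', \'' . $who . '\', ' . $int . ');',
			'style' => 'cursor:pointer'
		));
	}
	return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
}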
307 
308 }